Artemis[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Artemis.zip
Size

1.6MB
MD5

1b7f48b8dd8e28c8828871b9bc7bb6ae
SHA1

2834baf78b7c97cda7436c0b35b088e286f69091
SHA256

0c0d0317981aaccbc47b6ad8179020837648e3b81ac0c26de395cf5ce6ac2d1c
SHA512

97a8d780df5fc41495eddff77ca7dc7f543137be39af3d90968d3ff4b0f5e299ebf7ea1f8289b0b4fda755c927c7e5998125211d5fcf89c868f57b56630d8dd5
SSDEEP

49152:VacwC6I7dtTOsl/DAZMIR3ExyUwkoWPkjfzamI5:mIhksl7AsyTkoWPcLI5

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Artemis.dll
unpack001/Artemis.exe

Files

Artemis.zip
.zip
Artemis.dll
.dll windows:6 windows x64 arch:x64

25611e6f1c4f107f93fd644b9c6293f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
bind
getsockname
socket
ntohs
htons
setsockopt
getaddrinfo
WSASetLastError
WSACreateEvent
WSACloseEvent
select
__WSAFDIsSet
WSACleanup
WSAGetLastError
recv
closesocket
ioctlsocket
connect
listen
accept
sendto
recvfrom
getnameinfo
getpeername
WSASocketW
shutdown
freeaddrinfo
send
gethostname
htonl
WSAIoctl
WSAResetEvent
getsockopt

kernel32

GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetCurrentThreadId
InitOnceBeginInitialize
FormatMessageA
SetEvent
CloseHandle
ResetEvent
CreateEventA
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
GetModuleHandleA
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
FindResourceA
GetModuleHandleExA
LockResource
LoadResource
UnhandledExceptionFilter
CreateFile2
UnmapViewOfFile
CreateFileMappingFromApp
MapViewOfFileFromApp
RtlVirtualUnwind
IsBadReadPtr
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject
MultiByteToWideChar
GetSystemDirectoryA
GetProcAddress
LoadLibraryA
GetLastError
WideCharToMultiByte
GetEnvironmentVariableA
Sleep
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetSystemTimeAsFileTime
GetTickCount64
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
GetThreadTimes
GetCurrentThread
SetUnhandledExceptionFilter
FreeLibrary
GetFileSizeEx
GetCurrentDirectoryW
CreateDirectoryW
InitOnceComplete
GetLocaleInfoEx
AreFileApisANSI
SetFileInformationByHandle
GetFinalPathNameByHandleW
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
GetFileInformationByHandleEx
LocalFree
FindClose
CreateFileW

user32

OpenClipboard
CallNextHookEx
SetClipboardData
EmptyClipboard
GetClipboardData
CloseClipboard

advapi32

CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA

shell32

SHGetKnownFolderPath

ole32

CoTaskMemFree

msvcp140

??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Query_perf_frequency
_Query_perf_counter
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
_Xtime_get_ticks
?_Throw_Cpp_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
_Mtx_unlock
?_Random_device@std@@YAIXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
_Cnd_signal
_Cnd_init_in_situ
_Cnd_wait
_Thrd_id
_Thrd_join
_Cnd_destroy_in_situ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_K@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??7ios_base@std@@QEBA_NXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
_Tolower
_Toupper
??1ctype_base@std@@UEAA@XZ
??0ctype_base@std@@QEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getctype@_Locinfo@std@@QEBA?AU_Ctypevec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
_Cnd_unregister_at_thread_exit
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?_Winerror_map@std@@YAHH@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
_Cnd_register_at_thread_exit
_Cnd_broadcast
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
_Thrd_hardware_concurrency
_Strxfrm
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z

bcrypt

BCryptGenRandom
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__std_type_info_name
strchr
_purecall
__C_specific_handler
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
__std_terminate
__current_exception
memset
__current_exception_context
strstr
memcmp
strrchr
memchr
memmove
_CxxThrowException
__RTDynamicCast
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

calloc
_aligned_malloc
malloc
_callnewh
free
realloc
_aligned_free

api-ms-win-crt-runtime-l1-1-0

strerror
__sys_errlist
_errno
terminate
_beginthreadex
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_invalid_parameter_noinfo
_initialize_onexit_table
_initialize_narrow_environment
abort
_configure_narrow_argv
__sys_nerr
_invalid_parameter_noinfo_noreturn
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

strncpy
isspace
_strdup
strcmp
strspn
strnlen
isalnum
tolower
strncmp
isalpha
ispunct
strcspn
strncat
islower
iscntrl
isxdigit
strpbrk
toupper
isgraph
isdigit
isupper

api-ms-win-crt-convert-l1-1-0

strtoll
wcstombs
strtoull
strtod
atoi
strtol
strtoul

api-ms-win-crt-stdio-l1-1-0

fseek
_lseeki64
feof
fputs
ftell
_close
_fileno
__stdio_common_vsprintf
fopen
__stdio_common_vsscanf
fputc
_open
fflush
_write
__acrt_iob_func
_read
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fclose
fwrite
__stdio_common_vswprintf
fgets
fgetc
fgetpos

api-ms-win-crt-filesystem-l1-1-0

_access_s
_fstat64
_access
_stat64
_unlink
_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

sin
log2
asin
log10
atan
atan2
sinh
_fdopen
ceil
cos
sqrt
cosh
tan
exp
ldexp
round
_dsign
floor
modf
frexp
pow
floorf
fmod
ceilf
log
acos
_ldsign
_fdsign
tanh

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
clock
_gmtime64
_gmtime64_s
strftime
_difftime64

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

wldap32

ord60
ord45
ord50
ord41
ord22
ord26
ord27
ord211
ord33
ord143
ord35
ord79
ord30
ord200
ord301
ord217
ord46
ord32

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertOpenStore
CertAddCertificateContextToStore

Exports

Exports

NextHook

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Artemis.exe
.exe windows:6 windows x64 arch:x64

6615b93b59db24e5d17db5c8e248bc3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

GetLastError
GetEnvironmentVariableA
Sleep
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetCurrentProcessId
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
IsProcessorFeaturePresent
IsDebuggerPresent
Process32Next
CreateToolhelp32Snapshot
OpenProcess
LoadLibraryExA
GetStdHandle
SetConsoleTitleA
SetConsoleTextAttribute
WriteProcessMemory
Process32First
QueryPerformanceCounter
FreeLibrary
VerSetConditionMask
GetProcAddress
QueryPerformanceFrequency
LoadLibraryA
GetModuleHandleA
CreateEventA
WaitForSingleObject
GetModuleHandleW
SleepConditionVariableSRW
GetCurrentThreadId
WakeAllConditionVariable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GlobalUnlock
TerminateProcess
WideCharToMultiByte
GlobalLock
GlobalFree
GlobalAlloc
MultiByteToWideChar
GetSystemTimeAsFileTime
InitializeSListHead
GetTickCount
AcquireSRWLockExclusive
GetSystemDirectoryA
ReleaseSRWLockExclusive
GetConsoleWindow
VirtualProtectEx
CloseHandle

user32

GetWindowRect
GetSystemMetrics
SetClipboardData
DispatchMessageA
DestroyWindow
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
ReleaseDC
SetCursorPos
IsIconic
SetForegroundWindow
ReleaseCapture
RegisterClassExA
SetProcessDPIAware
UnregisterClassA
GetClientRect
SetWindowLongW
SetCursor
SetCapture
BringWindowToTop
GetAsyncKeyState
MoveWindow
TranslateMessage
LoadIconA
PeekMessageA
PostQuitMessage
UpdateWindow
GetWindowThreadProcessId
IsWindowVisible
PostThreadMessageA
SetWindowsHookExA
FindWindowA
GetWindowLongW
AdjustWindowRectEx
GetKeyState
LoadCursorA
SetLayeredWindowAttributes
GetDC
SetWindowPos
MonitorFromWindow
EnumDisplayMonitors
ScreenToClient
SetWindowTextW
WindowFromPoint
ShowWindow
GetCapture
SetWindowLongA
ClientToScreen
IsChild
TrackMouseEvent
GetMonitorInfoA
GetForegroundWindow
DefWindowProcA
CreateWindowExA
SetFocus

gdi32

GetDeviceCaps
CreateSolidBrush

advapi32

CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextA

msvcp140

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?good@ios_base@std@@QEBA_NXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Strxfrm
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
_Xtime_get_ticks
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
_Query_perf_frequency
?_Throw_Cpp_error@std@@YAXH@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Random_device@std@@YAIXZ
_Query_perf_counter
_Thrd_detach
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exceptions@std@@YAHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmAssociateContextEx
ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
__std_terminate
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
memmove
memchr
strrchr
strstr
memset
memcpy
strchr
__std_exception_destroy
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

realloc
_callnewh
malloc
free
_set_new_mode
calloc

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invalid_parameter_noinfo_noreturn
_cexit
__sys_nerr
__sys_errlist
_seh_filter_exe
_set_app_type
_register_thread_local_exe_atexit_callback
_get_initial_narrow_environment
_c_exit
_initterm
_initterm_e
_exit
exit
__p___argv
__p___argc
_beginthreadex
system
_errno
terminate

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
_strdup
toupper
isblank
isalnum
tolower
isspace
strspn
strcmp
strpbrk
strcspn

api-ms-win-crt-stdio-l1-1-0

_fseeki64
_lseeki64
fputs
__stdio_common_vswprintf
feof
_close
_set_fmode
_fileno
_write
fopen
fgets
_read
ftell
_open
fputc
__stdio_common_vfprintf
__p__commode
__stdio_common_vsscanf
fread
__acrt_iob_func
__stdio_common_vsprintf
_wfopen
fwrite
fflush
fclose
fseek

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-convert-l1-1-0

strtoll
strtol
wcstombs
atoi
strtoul

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime
_localtime64

api-ms-win-crt-math-l1-1-0

_ldsign
_fdsign
ceilf
cosf
__setusermatherr
floorf
_fdopen
fmodf
sqrtf
sinf
_dsign
acosf

api-ms-win-crt-locale-l1-1-0

localeconv
_configthreadlocale

api-ms-win-crt-filesystem-l1-1-0

_unlink
_stat64
_fstat64
_access

ws2_32

socket
htons
gethostname
ioctlsocket
WSAIoctl
setsockopt
WSACleanup
WSAStartup
getpeername
sendto
ntohs
WSAGetLastError
WSASetLastError
closesocket
WSAWaitForMultipleEvents
recvfrom
freeaddrinfo
getaddrinfo
recv
listen
htonl
getsockname
__WSAFDIsSet
connect
bind
accept
select
getsockopt
send
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent

wldap32

ord22
ord41
ord45
ord60
ord211
ord46
ord217
ord143
ord26
ord27
ord32
ord33
ord50
ord35
ord79
ord30
ord200
ord301

normaliz

IdnToAscii
IdnToUnicode

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore

Sections

.text
Size: 887KB - Virtual size: 887KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25611e6f1c4f107f93fd644b9c6293f3

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

shell32

ole32

msvcp140

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

wldap32

normaliz

crypt32

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 549KB - Virtual size: 548KB

.data Size: 96KB - Virtual size: 111KB

.pdata Size: 75KB - Virtual size: 75KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 17KB - Virtual size: 16KB

6615b93b59db24e5d17db5c8e248bc3e

Headers

DLL Characteristics

File Characteristics

Imports

winmm

d3d11

kernel32

user32

gdi32

advapi32

msvcp140

imm32

d3dcompiler_47

dwmapi

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

ws2_32

wldap32

normaliz

crypt32

Sections

.text Size: 887KB - Virtual size: 887KB

.rdata Size: 325KB - Virtual size: 325KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 42KB - Virtual size: 41KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 549KB - Virtual size: 548KB

.data
Size: 96KB - Virtual size: 111KB

.pdata
Size: 75KB - Virtual size: 75KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 17KB - Virtual size: 16KB

.text
Size: 887KB - Virtual size: 887KB

.rdata
Size: 325KB - Virtual size: 325KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB